This post is also available in: 日本語 (Japanese)
Palo Alto Networks founder Nir Zuk last year called for radically transforming the security market by creating a new product category for endpoint protection: XDR. We launched the category in February with the release of Cortex XDR and other players have announced their intent to enter the XDR market soon.
XDR is the next leap forward for endpoint detection and response (EDR). We replaced the “E” in EDR with an “X” to show that we have expanded detection and response beyond the endpoint - adding integration with the network, the cloud and all of the data subsets that flow through those sources.
The need for XDR was validated early on by analyst firms including Ovum and ZK Research. They recognized that modern attackers don’t just target endpoints, but instead aim their sights on an organization’s entire infrastructure. Point products that each only see a tiny slice of the technology stack don’t provide sufficient context or insight to understand how an attack progresses. What’s worse, they generate a huge number of false positive alerts that increase workloads and obscure visibility into the real threats.
For an XDR product to effectively solve these challenges, it must be:
- Offered as a single cloud-based product for unrestricted accessibility and scale
- Able to collect, correlate and analyze data from network, endpoint and cloud within a single repository offering at least 30 days of historical retention
- Designed with embedded machine learning and automation that reduces manual efforts for security users
- Able to reduce future risk and continually strengthen prevention by applying knowledge gained through detection, investigation and response
After we released Cortex XDR in February as the industry’s first XDR product, it quickly gained traction helping security operations teams make sense of the hundreds or thousands of isolated, low-fidelity alerts that they receive daily. By integrating multiple tools and data sources into one, Cortex XDR provides greater visibility and efficiency, while delivering machine learning-aided capabilities that allow analysts of all skill levels to quickly and easily respond to attacks.
Cortex XDR has gained strong momentum with enterprise customers since its release. The feedback has been overwhelmingly positive. Cortex XDR has also proven its mettle in third-party testing – recently delivering the most (and best) detections of all products examined in the MITRE ATT&CK APT-3 evaluation.
Other security providers have noticed our success. Several startups and legacy technology vendors have announced plans to build XDR solutions over the past few months, including one announcement last week. This category growth reflects market recognition of the reality that security operations teams have a critical need that siloed endpoint protection tools cannot meet.
We will continue to push the limits of innovation in this category as we build new capabilities to help security teams win against sophisticated attackers. Cortex XDR already supports the widest set of operating systems and delivers the broadest visibility and enforcement, and we’re getting better every day. We are pleased to see others working to enter the XDR category; we truly believe it will deliver a brighter and more secure future for organizations everywhere.
To learn how Cortex XDR stacks up against traditional EDR products in testing using the independent MITRE ATT&CK framework, click here.